<?php
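session_start();

$col=':';

// Connection settings that an earlier page is expected to have stored in the
// session. isset() keeps a missing key from raising an undefined-index notice;
// the value is null in that case, exactly as before.
// NOTE(review): nothing in this file verifies that the session belongs to a
// logged-in user. If these keys are absent the connection below is attempted
// with null credentials; confirm that an authentication gate runs before this
// page, or add one here.
$dbuser = isset($_SESSION['dbuser']) ? $_SESSION['dbuser'] : null;
$dbpass = isset($_SESSION['dbpass']) ? $_SESSION['dbpass'] : null;
$dbport = isset($_SESSION['dbport']) ? $_SESSION['dbport'] : null;
$dbhost = isset($_SESSION['dbhost']) ? $_SESSION['dbhost'] : null;
$dbname = isset($_SESSION['dbname']) ? $_SESSION['dbname'] : null;

// grant / revoke privileges parameters (untrusted request data; they must be
// escaped or bound before they reach SQL and HTML-escaped before display)
$grusname = isset($_POST["username"])     ? $_POST["username"]     : '';
$grhtname = isset($_POST["hostname"])     ? $_POST["hostname"]     : '';
$grdbname = isset($_POST["databasename"]) ? $_POST["databasename"] : '';
$grtbname = isset($_POST["tablename"])    ? $_POST["tablename"]    : '';
$grtbtype = isset($_POST["tabletype"])    ? $_POST["tabletype"]    : '';
$grrlname = isset($_POST["rolename"])     ? $_POST["rolename"]     : '';
$gremaddr = isset($_POST["emailaddr"])    ? $_POST["emailaddr"]    : '';
// The revoke form posts a "terminate" field and the dispatcher at the bottom
// of the file passes $grterminate, but the variable was never assigned.
$grterminate = isset($_POST["terminate"]) ? $_POST["terminate"]    : '';

// Use the loopback address instead of the name "localhost".
if ($dbhost=="localhost") {
   $dbhost = "127.0.0.1";
   }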
   

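/**
 * Call the securich.grant_privileges stored procedure and redirect according
 * to the outcome.
 *
 * The first five arguments are the MySQL connection settings (host, user,
 * password, default database, port). The remaining seven are passed, in
 * order, as the string arguments of the procedure: user name, host name,
 * database, table / stored procedure, table type, role, e-mail address.
 *
 * Outcome:
 *  - connection or query failure: the error text is stored in
 *    $_SESSION['error'] and the browser is sent to error.php;
 *  - the procedure returned at least one row: every column value is split on
 *    "--", fields 1, 3 and 5 are stored as the new user name, e-mail address
 *    and password in the session, and the browser is sent to user_created.php;
 *  - no row returned: the browser is sent to accounts.php.
 *
 * Returns nothing; the result is communicated through $_SESSION and the
 * Location header.
 */
function call_grant_privileges($dbhost_tmp, $dbuser_tmp, $dbpass_tmp, $dbname_tmp, $dbport_tmp, $grusname_tmp, $grhtname_tmp, $grdbname_tmp, $grtbname_tmp, $grtbtype_tmp, $grrlname_tmp, $gremaddr_tmp)
{
    $mysqli = mysqli_init();
    $mysqli->real_connect($dbhost_tmp, $dbuser_tmp, $dbpass_tmp, $dbname_tmp, $dbport_tmp);

    if (mysqli_connect_errno())
    {
      // mysql_error() belongs to the old ext/mysql API and never reports a
      // mysqli connection failure; mysqli_connect_error() does.
      // error.php must HTML-escape this value when it displays it.
      $_SESSION['error'] = mysqli_connect_error();

      Header("Location: error.php");
      return;
    }

    // The procedure arguments come straight from the request. Escape each one
    // for the single-quoted SQL string literal it is placed in, so a value
    // cannot close the literal and change the statement.
    $call_args = array($grusname_tmp, $grhtname_tmp, $grdbname_tmp, $grtbname_tmp, $grtbtype_tmp, $grrlname_tmp, $gremaddr_tmp);
    foreach ($call_args as $idx => $raw_arg)
    {
      $call_args[$idx] = $mysqli->real_escape_string((string) $raw_arg);
    }
    $str_query = "call securich.grant_privileges('" . implode("','", $call_args) . "');";

    if (!$mysqli->multi_query($str_query))
    {
      // Report a failed grant instead of silently returning to the account
      // list. error.php must HTML-escape this value when it displays it.
      $_SESSION['error'] = $mysqli->error;
      $mysqli->close();

      Header("Location: error.php");
      return;
    }

    $user_created = false;

    do
    {
      if ($objResult = $mysqli->store_result())
      {
        while ($row = $objResult->fetch_assoc())
        {
          foreach ($row as $key => $value)
          {
            // Pad to six fields so a value without the expected "--"
            // separators yields nulls rather than undefined offsets.
            $fields = array_pad(explode("--", (string) $value), 6, null);

            // NOTE(review): the generated password is kept in the session,
            // presumably so user_created.php can show it once; that page
            // should unset it after display and HTML-escape all UC_* values.
            $_SESSION['UC_newusername'] = $fields[1];
            $_SESSION['UC_newemailaddress'] = $fields[3];
            $_SESSION['UC_newpassword'] = $fields[5];
            $_SESSION['UC_query'] = $str_query;
            $user_created = true;
          }
        }

        $objResult->close();
      }
    }
    while ($mysqli->more_results() && $mysqli->next_result());

    $mysqli->close();

    // Send exactly one Location header. The original emitted the
    // user_created.php redirect inside the loop and then an accounts.php
    // redirect after it, so the page reached depended on whether output
    // buffering let the second header() call replace the first.
    if ($user_created)
    {
      header("Location: user_created.php");
    }
    else
    {
      header("Location: accounts.php");
    }
}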



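/**
 * Call the securich.revoke_privileges stored procedure and redirect according
 * to the outcome.
 *
 * The first five arguments are the MySQL connection settings (host, user,
 * password, default database, port). The remaining seven are passed, in
 * order, as the string arguments of the procedure: user name, host name,
 * database, table / stored procedure, table type, role, and the
 * "terminate connections" choice.
 *
 * Outcome:
 *  - connection or query failure: the error text is stored in
 *    $_SESSION['error'] and the browser is sent to error.php;
 *  - success: the revoked user / host / role / database / table and the
 *    executed statement are stored in the session under UC_* keys and the
 *    browser is sent to privilege_revoked.php.
 *
 * Returns nothing; the result is communicated through $_SESSION and the
 * Location header.
 */
function call_revoke_privileges($dbhost_tmp, $dbuser_tmp, $dbpass_tmp, $dbname_tmp, $dbport_tmp, $grusname_tmp, $grhtname_tmp, $grdbname_tmp, $grtbname_tmp, $grtbtype_tmp, $grrlname_tmp, $gr_terminate_tmp)
{
    $mysqli = mysqli_init();
    $mysqli->real_connect($dbhost_tmp, $dbuser_tmp, $dbpass_tmp, $dbname_tmp, $dbport_tmp);

    if (mysqli_connect_errno())
    {
      // mysql_error() belongs to the old ext/mysql API and never reports a
      // mysqli connection failure; mysqli_connect_error() does.
      // error.php must HTML-escape this value when it displays it.
      $_SESSION['error'] = mysqli_connect_error();

      Header("Location: error.php");
      return;
    }

    // The procedure arguments come straight from the request. Escape each one
    // for the single-quoted SQL string literal it is placed in, so a value
    // cannot close the literal and change the statement.
    // The last argument is the $gr_terminate_tmp parameter; the original read
    // an undefined $grterminate_tmp, so an empty string was always sent.
    // NOTE(review): the value is forwarded exactly as posted by the form;
    // confirm it matches what securich.revoke_privileges expects.
    $call_args = array($grusname_tmp, $grhtname_tmp, $grdbname_tmp, $grtbname_tmp, $grtbtype_tmp, $grrlname_tmp, $gr_terminate_tmp);
    foreach ($call_args as $idx => $raw_arg)
    {
      $call_args[$idx] = $mysqli->real_escape_string((string) $raw_arg);
    }
    $str_query = "call securich.revoke_privileges('" . implode("','", $call_args) . "');";

    if (!$mysqli->multi_query($str_query))
    {
      // A failed revoke used to end in a blank page; report it instead.
      // error.php must HTML-escape this value when it displays it.
      $_SESSION['error'] = $mysqli->error;
      $mysqli->close();

      Header("Location: error.php");
      return;
    }

    // Raw (unescaped) request values: privilege_revoked.php must HTML-escape
    // them when it displays them.
    $_SESSION['UC_username'] = $grusname_tmp;
    $_SESSION['UC_hostname'] = $grhtname_tmp;
    $_SESSION['UC_rolename'] = $grrlname_tmp;
    $_SESSION['UC_dbname'] = $grdbname_tmp;
    $_SESSION['UC_tbname'] = $grtbname_tmp;
    $_SESSION['UC_query'] = $str_query;

    $mysqli->close();

    Header("Location: privilege_revoked.php");
}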

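if ((!isset($_POST['submit_grant'])) && (!isset($_POST['submit_revoke']))) { // if page is not submitted to itself echo the form

  // $PHP_SELF only exists under register_globals. Read the script path from
  // $_SERVER instead and HTML-escape it: PHP_SELF contains request-controlled
  // path info and is written into an HTML attribute below.
  $form_action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<HTML xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><HEAD><META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE>Sam-My - Securich GUI tool - Welcome</TITLE>
	
  <script type="text/javascript">

  // Show the panel whose id equals the value of the clicked radio button and
  // hide the other panels listed in elArr.
  function checkIt(el) 
  {
    var elArr = ['stext','grantprivileges','revokeprivileges','ltext'];
    for (var i=0; i<elArr.length; i++) 
    {
      var sel = document.getElementById(elArr[i]);
      // 'ltext' has no matching element on this page; skip ids that are not
      // found instead of failing on a null reference.
      if (!sel) { continue; }
      if (el.value == elArr[i]) { sel.style.display = 'block'; }
      else { sel.style.display = 'none'; } 
    }
    
  // not sure what this is supposed to do from source given ???    
  //    document.getElementById('who').value = '';
  }

</script>
	<STYLE type="text/css" media="all">
	
	body {
		background: #f70;
		font: 0.8em arial, helvetica, sans-serif;
		margin: 0;
		padding: 0;
		height:100%;
        padding-bottom:35px;   /* Height of the footer */
	}
	
	#footer {
        position: absolute;
 	    bottom: 40px;
	    width:100%;
	    height:15px;   /* Height of the footer */
	    color: #FFF;
    }
	
	#header {
		background-color: white;
	}
	
    #header ul {
		list-style: none;
		padding: 0;
		margin: 0;
		background: white;
		float: left;
		width: 100%;
    }
    
	#header li {
		float: left;
		margin: 0 1em 0 0;
    }
    
	#header a {
		text-decoration: none;
		display: block;
		width: 6em;
		padding: 0 0.5em;
		font-weight: bold;
		color: black;
		border-bottom: 0.5em solid #fc6;
		color: #fc6;
    }
	
	#header a:hover {
		color: #fa3;
		border-color: #fa3;
	}
	
	#header #selected a {
		color: #f80;
		border-color: #f80;
	}
	
	#content {
        position:absolute;
        top: 163px;
        left:63px;
		clear: both;
		color: white;
		padding: 1em;
	}
	
	#content p {
		margin: 0 0 1em 0;
	}
	
	c1 {
        position:absolute;
        top: 0px;
        left:200px;
		clear: both;
		color: white;
		padding: 1em;
	}
	
	h1 {
		margin: 0;
		padding: 0.5em 0 1em 0.5em;
		color: #f80;
		font-size: 1.5em;
		font-style: italic;
	}

	</STYLE>
	
</HEAD><BODY>


<DIV id="header">

<H1>Sam-My - The GUI frontend for Securich, the security plugin for MySQL</H1>

<UL>
	<LI><A href="welcome.php">Home</A></LI>
	<LI><A href="accounts.php">Accounts</A></LI>
	<LI id="selected"><A href="grant_revoke.php">Privileges</A></LI>
	<LI><A href="configure.php">Config</A></LI>
	<LI><A href="securich.php">Securich</A></LI>
	<LI><A href="help.php">Help</A></LI>
	<LI><A href="logout.php">Log Out</A></LI>
</UL>
</DIV>


<DIV id="content">

   <b>Command:</b>
   <br><br>
   
   <input type="radio" name="radioBtn" value="grantprivileges" onclick="checkIt(this)">GrantPrivileges<br>
   <input type="radio" name="radioBtn" value="revokeprivileges" onclick="checkIt(this)">RevokePrivileges<br><br>
   <input type="radio" name="radioBtn" value="stext" onclick="checkIt(this)">DropRole<br>
   
   <c1>
   <div id="stext" style="display:none;width:150px" />
      Rol2:<input type="text" id="single" size="25" />
   </div>
   
   <div id="grantprivileges" style="display:none;width:150px" />
   <form method="post" action="<?php echo $form_action; ?>">
   <div>

      Username: <input type="text" id="multiple01" size="25" name="username"/><br>
      Hostname: <input type="text" id="multiple02" size="25" name="hostname"/><br>
      Database: <input type="text" id="multiple03" size="25" name="databasename"/><br>
      Table / Stored Procedure: <input type="text" id="multiple04" size="25" name="tablename"/><br>
      Table Type:
      <SELECT name="tabletype">
        <OPTION value="all">all</OPTION>
        <OPTION value="alltables">alltables</OPTION>
        <OPTION value="singletable" selected>singletable</OPTION>
        <OPTION value="storedprocedure">storedprocedure</OPTION>
        <OPTION value="regexp">regexp</OPTION>
      </SELECT><br>
      Role: <input type="text" id="multiple06" size="25" name="rolename"/><br>
      EmailAddr: <input type="text" id="multiple07" size="25" name="emailaddr"/><br>
          <input type="submit" value="Grant" name="submit_grant">
    </div>
    </form>
   </div>
  
  <div id="revokeprivileges" style="display:none;width:150px" />
   <form method="post" action="<?php echo $form_action; ?>">
   <div>
      Username:<input type="text" id="multiple11" size="25" name="username"/><br>
      Hostname:<input type="text" id="multiple12" size="25" name="hostname"/><br>
      Database:<input type="text" id="multiple13" size="25" name="databasename"/><br>
      Table / Stored Procedure:<input type="text" id="multiple14" size="25" name="tablename"/><br>
      Table Type:
      <SELECT name="tabletype">
        <OPTION value="table" selected>table</OPTION>
        <OPTION value="storedprocedure">storedprocedure</OPTION>
        <OPTION value="column">regexp</OPTION>
      </SELECT><br>
      Role:<input type="text" id="multiple15" size="25" name="rolename"/><br>
      Terminate Connects?
      <SELECT name="terminate">
        <OPTION value="no" selected>No</OPTION>
        <OPTION value="yes">Yes</OPTION>
      </SELECT><br>
          <input type="submit" value="Revoke" name="submit_revoke">
    </div>
    </form>
   </div>      
  <div id="droprole" style="display:none;width:150px" />
   <form method="post" action="<?php echo $form_action; ?>">
   <div>
     <textarea id="alist" rows="10" cols="19" name="rolename"/></textarea>
     <input type="submit" value="DropRole" name="submit_drop_role">
   </div>
   </form>
  </div>

   </c1>
</DIV>

   <DIV id="footer" align="left">
   <table>
     <tr>
       <td width="23px">&nbsp;</td>
       <td>
         Copyright &copy; Darren Cassar a.k.a. preacher<br />
         Developed by Darren Cassar <?php echo date("Y"); ?> - GPLv2
       </td>
     </tr>
   </table>
   </DIV>

<?php
// The short "<?" tag used here before is only parsed when short_open_tag is
// enabled; with it disabled the else branch would be sent to the browser as
// text and the if block above would never be closed.
} else {

  // NOTE(review): these POST handlers change database privileges but carry no
  // anti-CSRF token, so the request is accepted from any page while the
  // administrator's session is alive. Add a per-session token to the forms
  // above and verify it here before dispatching.

  if (isset($_POST['submit_revoke'])) {
    call_revoke_privileges($dbhost, $dbuser, $dbpass, $dbname, $dbport, $grusname, $grhtname, $grdbname, $grtbname, $grtbtype, $grrlname, $grterminate);
  }
  
  if (isset($_POST['submit_grant'])) {
    call_grant_privileges($dbhost, $dbuser, $dbpass, $dbname, $dbport, $grusname, $grhtname, $grdbname, $grtbname, $grtbtype, $grrlname, $gremaddr);
  }
  
} // end if  

?>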
</BODY></HTML>